vulnrichment / Mitre / VULNRICHMENT:CVE-2023-31045
History: Apr 24, 2023 - 12:00 a.m.

CVE-2023-31045

2023-04-24 00:00:00
mitre
github.com
4
text editors
formats
remote attackers
arbitrary web script
html
name parameter
content type
admin
xss payload
text formatting
security relevance
vendor dispute

AI Score: 5.4
Confidence: High

SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is executed upon selecting a malicious text formatting option. NOTE: the vendor disputes the security relevance of this finding because “any administrator that can configure a text format could easily allow Full HTML anywhere.”

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*"
    ],
    "vendor": "backdropcms",
    "product": "backdrop",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.24.2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

